From info@calderasystems.com Tue Mar 2 17:15:38 1999
From: Caldera Systems Information
To: caldera-announce@rim.caldera.com
Date: Tue, 2 Mar 1999 17:05:27 -0700
Reply-To: info@caldera.com
Subject: SECURITY [CSSA-1999:006.0] -- dosemu buffer overflow
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject:
Advisory number: CSSA-1999:006.0
Issue date: 1999 Feb 24
Cross reference:
______________________________________________________________________________
1. Problem Description
The TERM and TERMINFO environmentables can be used to cause buffer
overflows in dosemu.
General security problems with suid root
(from Erik Mouw J.A.K.Mouw@its.tudelft.nl):
Note that any Dosemu version running suid root with DPMI enabled is
inherently unsafe. A DPMI program in Dosemu is able to use Linux system
calls, including system calls that require root privileges. The Dosemu Team
is not able to fix this security hole; system administrators who are
serious about security, should not install Dosemu suid-root. Dosemu can run
non-suid on the Slangterminal, under X, in the background and even on
serial lines (bbs'es for example).
2. Vulnerable Versions
Systems: OpenLinux 1.0, 1.1, 1.2, 1.3.
Packages: < dosemu-0.98.5-1.i386.rpm
3. Solutions
The proper solution is to upgrade to the dosemu-0.98.5 package.
For security dosemu should not be installed with the SUID bit set on its
binaries.
4. Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/RPMS/
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/SRPMS
5. Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -q dosemu && rpm -U dosemu-0.98.5.i386.rpm
6. Verification
The MD5 checksums (from the "md5sum" command) for these packages are:
092455b8c1c863e486458d2d6681d8e5 RPMS/dosemu-0.98.5-1.i386.rpm
f9d67120bfb3898ba88fd34ff114417c SRPMS/dosemu-0.98.5-1.src.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/news/security/index.html
Additional documentation on this problem can be found in:
http://geek-girl.com/bugtraq/1999_1/0040.html
This security fix closes Caldera's internal Problem Report 4253.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBNtv/Ben+9R4958LpAQGrZgQAtHGGVrxThT0rtr8euCzZfF1pwgYX8HWG
09ZyAFHGYtvcWRYXkJoYIBDJjlcTKsHkoKBSET5GKeaArhBVP1iCVF3Lt5x0KcgG
RSSpa9brkh7dYLhKmVLelxnVsC9EL4HS56SMDMXLGndKSnx3OzVlhhFUJZT63+oz
cS/xPYLf8v0=
=SpXQ
-----END PGP SIGNATURE-----
-
Notes: To learn how to use this list server, email a "help" command to
majordomo@rim.caldera.com.